Security News

Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. Internet Information Services is Microsoft Windows web server software included with all Windows versions since Windows 2000, XP, and Server 2003.

Learn tips on how you can use the Linux openssl command to find critical certificate details. It's important to not only keep an eye on upcoming SSL certificate expirations but to completely verify the success of renewing/replacing these certificates.

If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. For anything in production, you'll be purchasing your SSL certificates from a certificate authority, otherwise, you're not really giving those users much assurance.

Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in the U.S. and the UK conducted by Opinium reveals. Most companies rely on digital certificates and digital signatures, but the methods being utilized to manage the technology still leave plenty of room for error and improvement.

Paired with the required DMARC enforcement, VMCs are a critical step in a series of security measures that help strengthen email security, build trust in the inbox and help users associate the brand logo with the company they expect to communicate with. "With BIMI and VMC from DigiCert for DMARC-verified domains, organizations can now demonstrate to their customers a higher level of email security. DigiCert VMCs not only help reduce instances of spam and spoofing customers receive, because of the DMARC requirement, but they also enable organizations to go beyond displaying default email addresses to increase engagement rates and display their brands more prominently."

Google Cloud on Monday announced that its Certificate Authority Service is now generally available. The Google Cloud Certificate Authority Service, for which a public preview was announced in October 2020, is designed to help organizations "Simplify, automate, and customize the deployment, management, and security of private certificate authorities."

An unknown threat actor has compromised the servers of Mongolian certificate authority MonPass and abused the organization's website for malware distribution, according to security researchers at Avast. A major CA in East Asia, MonPass appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times.

In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. Avast's investigation into the incident began after it discovered the backdoored installer and the implant on one of its customers' systems.

A recent Microsoft Teams update is causing a "Select a certificate" prompt to be displayed to Teams users before they can use the software. Microsoft has acknowledged the bug and is tracking the issue under the 'TM261228' advisory, where they state a recent update to the software is causing the problem.

The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. Starting at 8 AM EST today, Microsoft Exchange admins who attempted to access the admin portal at admin.